1. Field of the Invention
This invention pertains generally to security and authentication systems and methods for internet commerce. More particularly, the invention is a transaction authentication system and method which provides multiple levels of security, which provides for authentication of a purchaser transparently, and further provides verification of the purchaser by remote access.
2. The Prior Art
Internet fraud is the subject of considerable concern to merchants, banks and consumers. Unfortunately, most online merchants only verify that the payment or credit card number of a purchaser has not been reported as stolen or called in lost by the cardholder. No further authentication of the purchaser is completed. The internet commerce industry is very interested in improving the measures utilized to ensure the authenticity of each transaction. Recently, many security and verification systems such as digital credentials, digital signatures, electronic checks and digital certificates have been implemented to reduce fraudulent use of credit cards.
At present, there are two major types of reliable security technologies deployed on the internet: SSL (Secure Sockets Layer) and SET™ (Secure Electronic Transaction). These are currently available for online purchases. Secure Sockets Layer (SSL) provides sound privacy protection by encrypting the channel between the consumer and the merchant. Since the data sent over the channel is secure, SSL is sufficient security for the consumer when doing business with merchants they know, but SSL does not authenticate that the purchaser is the rightful owner of the offered credit card number.
Secure Electronic Transaction (SET) makes online transactions secure by encrypting payment information in a manner similar to SSL, and in addition also uses digital certificates to verify that both consumers and merchants are authorized to use and accept credit card numbers. Merchants worldwide are currently adopting SET. The SET authentication process uses electronic forms of identification known as digital certificates that are issued to cardholders and merchants by electronic payment institutions. Transactions require a significant amount of computation by multiple parties for completion.
Most security and authentication systems presently in use require digital certification, such as a personal identification number (PIN) or prior verification, to obtain e-checks, e-cash, e-charge or digital certificates. It may also be necessary for the purchaser and merchant to obtain specific software to allow the use of these security systems. At present, these systems are cumbersome, awkward, and time-consuming for both the consumer and the merchant, and do not fully address the fraudulent use of payment card numbers which is so prevalent in electronic commerce.
The most secure way to authenticate the identity of a consumer is by personal intervention. Personal intervention is straightforward for person-to-person sales in which the signature of the consumer or a picture ID can be produced for consumer verification at the time of sale. Unfortunately, personal intervention for electronic purchases is not as simple, and authentication of the purchaser may entail answering laborious personal questions or entering PINs or other digital certification. Most consumers have trouble remembering usernames, passwords and PINs unique for individual merchants, and many consumers avoid shopping through merchants using such payment security measures.
Accordingly, there is a need for a method and apparatus for consumer authentication which can be achieved securely and transparently at the time of purchase. There is also a need to verify and authenticate purchasers by remote access. The present invention satisfies these needs, as well as others, and generally overcomes the deficiencies found in the background art.